It used to be that there was some unwritten understanding amongst lawyers and judges (or so it seemed) that unless it was the absolute core evidence in the case that litigants did not need to go out and extract, analyze for relevance, and preserve cell phone data. Cell phone data sort of fell into the same category as voice mail messages in the world of corporate discovery - decentralized, burdensome, transient, hard to extract, hard to preserve, and in the case of voice mail who is going to listen to a 100,000 voice mail messages to pick out a few that are relevant? Rather than deal with such difficult "new" e-discovery issues lawyers and judges for the most part turned a blind eye to it unless someone really pushed it as crucial evidence in a case.
The tide has now changed and cell phone data is now quickly becoming a part of basic e-discovery.
Why is cell phone data becoming an important part of e-discovery?
One simple reason - with thanks to RIM (Blackberry), Apple (iPhone), and Microsoft (Windows CE devices), cell phones with PDA functionality are quickly becoming the main communications device that all business persons are using both for written (email, text messaging) and phone communications. While it is still a secondary device for web surfing (and that is changing given the increased screen resolution and QWERTY keyboards of such devices) there are many internet connected business applications in use for crucial functions such as data analysis, database input and reporting, and interfacing with servers. The email and business applications on such "cell phone" devices making the devices into the smallest form factor of a de facto laptop computer. In other words the cell phones devices have progressed to the point that they have similar business communications functionality to a laptop computer and given their small size they are, in many instances, used more often.
How do you extract cell phone data for e-discovery?
There are many ways to extract cell phone data some more elegant than others. Indeed, with some cell phone/PDA devices a large part of the data (but not all) including email can be synchronized to a central server by using, for example, the functionality found in Blackberry Server and Outlook Exchange.
There are also applications that on a one by one basis use the data port on the cell phone device to communicate with the USB port on a laptop running specialized software the runs the extraction. In this category a new product called the Cell Seizure Investigator (CSI) Stick from Paraben shows some promise.
Paraben's CSI Stick is a portable cell phone forensic and data gathering hardware and software tool. According to Paraben the way it works is that you select the colored cell phone tip (compatible with the communications port) for the cell phone model to be acquired, plug the power adapter in, plug the CSI Stick into the cell phone,and press the acquire button and the extraction begins.
The CSI Stick contains a switch where you pick the level of data extraction including:
- A logical copy gets all available active data (including text and multi-media files)
- The text filter copies all SMS and text messages, phonebooks, and call logs
- The multi-media filter copies all available pictures and movies
- A physical copy gets all memory on the device
In order to use the data extracted by the CSI stick you will need to own a copy Paraben's Device Seizure or Device Seizure Lite. According to Paraben "these advanced forensic analysis tools enable you to view, search, and report on data extracted from handheld devices."
The CSI Stick currently needs to beef up its cell phone and PDA device support as it only handles certain Motorola and Samsung phone models but Paraben indicates that more manufacturer support is coming soon. Frankly, Blackberry and iPhone support are very much needed given the popularity of such devices.
On the flipside, it seems that a large organization faced with the need to preserve a huge installed base of cell phone data will need to look to some other technology - more likely one that is centralized with synchronization. Such a software application will need to run over a large number of devices like the Blackberry Server and provide the same level of extraction as the CSI Stick - so that larger organizations with a large installed base of cell phone and PDA users can have a practical method of preserving cell phone/PDA data on demand - for example in a litigation hold climate.
The CSI Stick makes cell phone evidence gathering and analysis available to the masses including lawyers, investigators, and all others in the e-discovery chain who should consider it when faced with the daunting challenges of the current state of e-discovery and related investigations.